Hi Kevin -
Well for some reason, your message and someone else's never got back to
me, saw it in the digest instead.
I've got about 30 class C zones on this server and it's only handling
rDNS for them; I figure there's a couple thousand actual PTR records.
I did log queries for a while and they were all legit PTR lookups.
Here's everything in named.conf except the zones themselves:
options {
    directory "/var";
    auth-nxdomain no;
    pid-file "/var/run/named/named.pid";
    allow-recursion {
        localnets;
    };
    allow-transfer {
        "none";
    };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "CeMgS23y0oWE20nyv0x40Q==";
};
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
zone "." {
    type hint;
    file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
};
Here's a couple of zones, they are all pretty much the same:
acl common-allow-transfer {
};
zone "22.140.204.IN-ADDR.ARPA" {
    type master;
    file "2/22.140.204.IN-ADDR.ARPA";
    allow-transfer {
        common-allow-transfer;
    };
    notify yes;
};
zone "3.245.173.IN-ADDR.ARPA" {
    type master;
    file "3/3.245.173.IN-ADDR.ARPA";
    allow-transfer {
        69.89.64.5;
        65.97.49.34;
        common-allow-transfer;
    };
    notify yes;
};
zone "92.119.199.IN-ADDR.ARPA" {
    type master;
    file "9/92.119.199.IN-ADDR.ARPA";
    allow-transfer {
        75.98.129.21/32;
        75.98.129.24/32;
        common-allow-transfer;
    };
    notify yes;
};
...etc
Thanks,
Ed
On 11/11/2012 1:57 PM, bind-users-requ...@lists.isc.org wrote:
I wouldn't expect a nameserver process on Linux, hosting only a few
reverse zones and doing nothing else, to be 71 megabytes in size; I just
checked one of ours, serving *all* of our internal zone data, forward
and reverse authoritative, plus some cached data for a significant
number of zones delegated to business partners, and it's less than 100
Mb in size.
Verify from your query logs, or by dumping cache, that it's *only* doing
what it is supposed to do, and no more. If you've got a bunch of data in
your cache, or a bunch of queries, that's unrelated to serving your
reverse DNS, then that's probably the root cause of your problem.
Consider turning off recursion, or severely limiting it, in order to
enforce that the nameserver is only serving its intended purpose. 2Gb of
memory is a little lean for a nameserver serving a *generic*
Internet-name-lookup role...
I guess another possibility is that you've gone crazy with your reverse
zones (e.g. using $GENERATE willy-nilly), and thus are using up way more
memory than you really need, to serve your reverse-resolution needs.
- Kevin
--
(800) 362-7579 ext 1
+-------------------------------------------------------+
+ Colocation Dedicated Servers IPv4 & IPv6 Transit +
+-------------------------------------------------------+
Connex Internet Services, Inc. direct: (916) 265-1568
11230 Gold Express Dr #310-313 fax: (916) 880-5663
Gold River, CA 95670 http://connexinternet.com
+-------------------------------------------------------+
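
The query-log check suggested in the thread, as an added example that is not code from either poster: it counts queries that are not PTR lookups inside the hosted reverse zones and lists the clients sending them. It assumes the BIND 9 "queries" log line layout; the zone list holds only the three zones shown above, and the sample lines are constructed.

```python
import re
from collections import Counter

# Reverse zones this server is authoritative for (the three shown in the post).
HOSTED_ZONES = (
    "22.140.204.in-addr.arpa",
    "3.245.173.in-addr.arpa",
    "92.119.199.in-addr.arpa",
)

# Matches the "query:" lines BIND 9 writes to the queries log category.
# Newer releases add "@0x..." and "(qname)" around the client address.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

def in_hosted_zone(qname):
    name = qname.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in HOSTED_ZONES)

def audit(lines):
    """Return (counts, offenders): category totals and top clients sending unexpected queries."""
    counts, offenders = Counter(), Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            counts["unparsed"] += 1
            continue
        if m["qtype"] == "PTR" and in_hosted_zone(m["qname"]):
            counts["expected"] += 1
            continue
        kind = "unexpected_type" if in_hosted_zone(m["qname"]) else "out_of_zone"
        counts[kind] += 1
        if m["flags"].startswith("+"):  # "+" means the client asked for recursion
            counts["recursion_requested"] += 1
        offenders[m["ip"]] += 1
    return counts, offenders.most_common(5)

# Constructed sample lines using documentation addresses, not taken from the thread.
SAMPLE = """\
11-Nov-2012 13:57:01.101 queries: info: client 192.0.2.10#53124: query: 5.22.140.204.in-addr.arpa IN PTR + (198.51.100.1)
11-Nov-2012 13:57:01.202 queries: info: client 203.0.113.7#40111 (example.com): query: example.com IN ANY +E (198.51.100.1)
11-Nov-2012 13:57:01.303 queries: info: client 203.0.113.7#40112: query: www.example.org IN A + (198.51.100.1)
11-Nov-2012 13:57:01.404 queries: info: client 192.0.2.44#1053: query: 22.140.204.in-addr.arpa IN SOA - (198.51.100.1)
""".splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE))
```

In-zone SOA or NS queries from secondaries land in "unexpected_type" and are normal; a large "out_of_zone" count with recursion requested is the case the reply above describes.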